Hi all, I have a customer pushing back against my advice to Hybrid Join their Citrix non-persistent desktops. It will make their SSO and Activation easier. What possible downsides could they be thinking of?

What are the pushing back on exactly? Yes it would make things easier via SSO apps assuming all the right things are in place. ADAL vs WAM for example with M365 apps.

Thanks for the response Ray - I'm waiting to speak with the customer again for clarifications on why it would be a problem in their eyes.....

we dont hybrid join as it breaks our SSO due to no CBA. The PRT does not carry over forcing users to log into office each time

if you hybrid join without turning off auto registration then it adds all the machines into entra as being owned by the first person who logged into them, which can get messy. They might be thinking of that?

Thanks for the feedback. We got around these concerns by assigning the Secure Connection Point (SCP) information using local SCP settings via GPO for Citrix VDA's instead of applying SCP to the entire domain (a much bigger discussion). Reference for targeted SCP deployment here https://learn.microsoft.com/en-us/entra/identity/devices/hybrid-join-control . MCS with Hybrid Join working beautifully now.